METHOD TO PROVIDE AUTHORIZATION, A CERTIFYING AUTHORITY, A
TERMINAL, A SERVICE PROVIDER AND A CERTIFICATE REALIZING SUCH
A METHOD AND A TELECOMMUNICATION NETWORK COMPRISING
SUCH A CERTIFYING AUTHORITY, SUCH A TERMINAL, SUCH A SERVICE
PROVIDER AND SUCH A CERTIFICATE.

The present invention relates to a method to provide authorization as
described in the preamble of claim 1, to a certifying authority, a terminal, a
service provider and a certificate realizing such a method as described in the
preamble of claim 7, claim 8, claim 9 and claim 10 respectively and to a
telecommunication network comprising such a certifying authority, such a
terminal and such a service provider as described in the preamble of claim 11.

Such a method for use in a telecommunication environment to provide
authorization by a certifying authority to a service provider to execute predefined
functionality in the event when a service is provided by the service provider to a
terminal of a user is already known in the art. Indeed, in such an event the
certifying authority delivers a certificate to the service provider that gives the
service provider the authorization to execute all the functionality of the
telecommunication environment. Such a certificate is explained in the "Frequently
asked questions about today's cryptography, version 4.0" published by RSA
Laboratories, a division of RSA Data Security, in 1998. Herein, the answer to
question 4.1.3.10 "What are certificates?" describes the object of a certificate.
Certificates are digital documents attesting to the binding of a public key to an
individual or other entity. They allow verification of the claim that a specific key
does in fact belong to a specific individual. Certificates help to prevent someone
from using a phony key to impersonate someone else. Certificates are typically
used to generate confidence in the legitimacy of a public key. In some cases it
may be necessary to create a chain of certificates, each one certifying the
previous one, until the parties involved are confident in the identity in question.
Such a certificate contains a public key and a name. As commonly used, a
certificate also contains an expiration date, the name of the certifying authority
that issued the certificate and a serial number. Most importantly, it contains the
digital signature of the certificate issuer. The most widely accepted format for
certificates is defined by the ITU-T X.509 international standard. Thus certificates
can be read or written by any application complying with X.509.

Another application of certificates is described in the WAP WTLS,
Version 30-Apr-1998, Wireless Application Protocol, Wireless Transport Layer
Security specification. Herein the content of such a certificate is described at page
57, paragraph 10.5.2: a version of the certificate, the algorithm used to sign the
certificate, the certification authority who signed the certificate, the validity period
of the certificate, the owner of the key, the type of the key, parameters relevant
for the public key and the public key that is being certified. The use of such
certificates is described in the following paragraph.

A service provider can send a service to a terminal of a user. These
services can contain functions that do e.g. call control on the phone, whereby any
service provider can take over control of the phone, e.g. make calls and accept or
reject calls. In order to prevent malicious service providers from abusing
someone's phone, a certificate based authentication system is used. Only if the
service provider can present a certificate that is signed by a certifying authority,
e.g. a telecommunication network operator, is the service provider allowed
access to these dangerous functions. The service provider is then allowed to use
the predefined functionality when the service is provided by the service provider to a
terminal of the user.

It has to be remarked that the expression 'a service is provided by the
service provider' means that for instance the content of a service is executed by a
terminal of the user. When such a predefined function has to be executed by the
terminal, the terminal first checks the presence of a signed certificate for the
service provider. Only when such a certificate is available is the function
executed, without e.g. any danger of abuse of the terminal.

A further remark is that a certifying authority can be the network
operator itself. However, according to current trends, such a certifying authority can also
be a service provider itself that provides to a network operator the service of
managing the granting or refusal of such certificates.

Yet, it has to be remarked that the verification of the existence of a
signed certificate implies different steps such as a certification process, certificate
distribution and validation, whereby public key / private key PKI algorithms are
involved in order to provide the digital signing of the certificate. These steps are
known to a person skilled in the art and are therefore not described in
detail here. The aim is the signing of a certificate and the fact that this signature
can be verified.

A problem outstanding with the existing certificates is that they are
all-or-nothing solutions. This means that a service provider can get access to all
functions or to no function, i.e. a certificate is delivered or no certificate is
delivered by the certifying authority.

Such a situation is often not sufficient for a network operator. Indeed,
a network operator cannot risk that a service provider may, even by accident,
disable services on some terminals.

The problem becomes clearer with the following example.
Presume a situation where a network operator trusts some service provider
enough to let him modify the digital personal telephone book of a user, but the
network operator does not trust the service provider enough to give him access to
all functionality, i.e. to deliver a certificate. A solution to this problem is to add
this function to the public library. This means that the network operator allows
the use of this function by all service providers according to predefined
specifications, e.g. specifying the function in such a way that the user is first
asked for permission by the service provider to add a predefined entry in its telephone
book. However, in such an event, also service providers that are trusted
completely have to work with the public function. Otherwise, both functions must
be created, i.e. one public function and one non-public function. This results
in a very complex, resource-expensive and still not completely satisfying
specification.
SUMMARY OF THE INVENTION
The object of the invention is to provide a method to provide
authorization by a certifying authority to a service provider to execute predefined
functionality, such as the above known methods, but which does not have the
above mentioned drawback of dividing service providers into trusted or not
trusted service providers.

Indeed, the invention solves this problem by dividing the service providers into
more detailed categories by giving a service provider access only to well specified
functionality. This is realized by comprising in the certificate of a service provider
a definition of the predefined functionality which is allowed to be executed by the
service provider and which is part of the global functionality that supports the
telecommunication environment. This is described by the method of claim 1 and
is realized by the certifying authority of claim 7, the terminal of claim 8, the
service provider of claim 9 and the certificate of claim 10 that are included in the
telecommunication network of claim 11.

Indeed, by storing detailed information inside the certificate that is
signed by the certifying authority, fine grained access control by the operator is
possible. This drastically reduces the risk for an operator. In this way, a service
provider can be allowed to use e.g. a predefined telephone function on a
terminal without being able to damage the terminal or the network.

It has to be remarked that according to the prior art solutions a
terminal first checks the presence of a signed certificate before it executes an
included function of a service provided by a service provider. According to the
present invention, the terminal checks not only the presence of a signed certificate
but also the presence of the definition of the predefined function in the signed
certificate before it executes a service that includes this function.

A drawback of the present invention is however that the certificate gets
larger by comprising a definition of the allowed functionality. A characteristic
feature that is a solution to this drawback is described in claim 2. Indeed, by
introducing a hierarchical tree-like structure in the organization of the global
functionality, the definition of the predefined allowed functionality can at least
partly be realized by a definition of a branch of the structure. Hereby
authorization is provided to the predefined functions of the predefined functionality
that are related to the branch. In this way also the library identifiers and function
identifiers as defined by the wireless mark-up script language can be used
in order to provide authorization for either one function, all functions
from one library or all functions in all libraries: e.g. enable-all, enable-library-
identifier, enable-function-identifier.

A further improvement of the definition of the predefined allowed
functionality in the certificate is realized with claim 3. Herein it is described that
the definition of the predefined functionality is at least partly realized by a
revocation of part of the global functionality. This is e.g. implemented by using
not only an 'enable' function with an allowed function as argument but also by
using a 'disable' function with a revoked function as argument. Herewith,
authorisation to all functions of a library except one can easily be realized by
enabling the library and disabling the revoked function.
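The enable/disable definition described in the two paragraphs above, as an added example in Go that is not part of the patent text: a parser and evaluator for a certificate's definition of allowed functionality F, organised as the tree of libraries and functions the text describes. The ';'-separated syntax, the library-qualified function identifiers such as WTAI.WTAcall-handling.setup and the precedence rule (the most specific directive wins, and a disable beats an enable of equal specificity, so the definition is deny-by-default and its order does not matter) are assumptions of this example, not taken from the WTAI or WMLScript specifications.

```go
package main

import (
	"fmt"
	"strings"
)

// Directive is one element of the allowed-functionality definition F carried in
// the certificate: enable-all / disable-all, enable-library(lib) /
// disable-library(lib), or enable-function(lib.fn) / disable-function(lib.fn).
type Directive struct {
	Op     string // "enable" or "disable"
	Scope  string // "all", "library" or "function"
	Target string // "" for all, a library identifier, or a library-qualified function identifier
}

// ParseDefinition parses a ';'-separated definition such as
// "enable-library(WTAI.WTAcall-handling); disable-function(WTAI.WTAcall-handling.release)".
// The separator and the argument syntax are assumptions of this example.
func ParseDefinition(def string) ([]Directive, error) {
	var out []Directive
	for _, raw := range strings.Split(def, ";") {
		raw = strings.TrimSpace(raw)
		if raw == "" {
			continue
		}
		head, arg := raw, ""
		if open := strings.IndexByte(raw, '('); open >= 0 {
			if !strings.HasSuffix(raw, ")") {
				return nil, fmt.Errorf("malformed directive %q", raw)
			}
			head, arg = raw[:open], strings.TrimSpace(raw[open+1:len(raw)-1])
		}
		op, scope, found := strings.Cut(head, "-")
		wellFormed := scope == "all" && arg == "" || scope == "library" && arg != "" ||
			scope == "function" && strings.Contains(arg, ".")
		if !found || (op != "enable" && op != "disable") || !wellFormed {
			return nil, fmt.Errorf("bad directive %q", raw)
		}
		out = append(out, Directive{Op: op, Scope: scope, Target: arg})
	}
	return out, nil
}

// match reports whether d covers fn and how specific d is: the whole tree (0)
// is less specific than a branch (1 + its depth), which is less specific than a
// single leaf function.
func match(d Directive, fn string) (int, bool) {
	switch d.Scope {
	case "all":
		return 0, true
	case "library":
		// fn's library with a trailing dot, so "L." covers L and any sub-library L.X.
		if strings.HasPrefix(fn[:strings.LastIndexByte(fn, '.')+1], d.Target+".") {
			return 1 + strings.Count(d.Target, "."), true
		}
	case "function":
		if fn == d.Target {
			return 1 << 16, true
		}
	}
	return 0, false
}

// Allowed is the terminal-side decision for one function: deny unless a
// directive enables it; the most specific matching directive wins, and on
// equal specificity a disable beats an enable, so
// "enable-library(L); disable-function(L.f)" grants all of L except f.
func Allowed(defs []Directive, fn string) bool {
	best, allowed := -1, false
	for _, d := range defs {
		spec, ok := match(d, fn)
		if !ok {
			continue
		}
		if spec > best {
			best, allowed = spec, d.Op == "enable"
		} else if spec == best && d.Op == "disable" {
			allowed = false
		}
	}
	return allowed
}

func main() {
	// Constructed definition; the function names under WTAI are assumptions.
	defs, err := ParseDefinition("enable-library(WTAI.WTAcall-handling); disable-function(WTAI.WTAcall-handling.release)")
	if err != nil {
		panic(err)
	}
	for _, fn := range []string{"WTAI.WTAcall-handling.setup", "WTAI.WTAcall-handling.release", "WTAI.WTAPhoneBook.write"} {
		fmt.Printf("%-35s %v\n", fn, Allowed(defs, fn))
	}
}
```

The precedence rule is the part a terminal implementer has to get right. If directives were simply applied in the order written, a definition that lists an enable after a disable would silently re-grant the revoked function; resolving by specificity with disable winning ties makes enable-library(L); disable-function(L.f) mean the same whichever way round it is written, a definition that fails to parse grants nothing, and an empty definition grants nothing either.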

A further implementation is described in claim 4. Herein it is
described that the definition of the predefined functionality comprises definitions
of wireless mark-up script language. Indeed, such an implementation takes
advantage of making use of already existing and defined functions in a commonly
known scripting language. These functions are described in a specification:
Wireless Application Protocol Wireless Markup Language Script WMLScript
Language Specification, version 30 April 1998, published by the WAP Wireless
Application Protocol Forum.

Another example of existing script language functions is provided e.g.
by the JavaScript language functions.

Furthermore, as already mentioned above, the Wireless Telephony
Application Interface libraries organize wireless mark-up script language
functions into predefined functions and libraries such as call control, sending of
short messages or managing a phone book. These functions and libraries of the
wireless telephony application functions can also be used to define the allowed
predefined functionality in the certificate. They are specified in the 'Wireless
Application Protocol Wireless Telephony Application Interface Specification', from
the WAP Forum and published at April 30, 1998. This is described in claim 5.

Yet, the definitions of standard functions of a terminal can be introduced
into the definition of the allowed predefined functionality. Indeed, by introducing
standard functions as specified according to the 'Wireless Application Protocol
WMLScript Standard Libraries Specification', published by the WAP Forum at April
30, 1998, a service provider is allowed to use this standard functionality in order

Finally it has to be remarked that the above mentioned WTAI functions
are known to a person skilled in the art. These functions are
valid for commonly known mobile terminals. However, additional functions can
be defined in addition to the WTAI specifications according to the type of network
used. An example is provided for a GSM addendum, an IS-136 (TDMA Time
Division Multiple Access Cellular/PCS Personal Communication System Radio
Interface - Mobile Station - Base Station Compatibility) addendum and a PDC
Personal Digital Cellular addendum for WTAI, which are specified, respectively, in:

- Wireless Application Protocol Wireless Telephony Application
Interface Specification, GSM Global System for Mobile Communications
specific Addendum, published by the WAP Forum at April 30, 1998; and

- Wireless Application Protocol Wireless Telephony Application
Interface Specification, IS-136 specific Addendum, published by the WAP Forum at
April 30, 1998; and

- Wireless Application Protocol Wireless Telephony Application Interface
Specification, PDC specific Addendum, published by the WAP Forum, April
30, 1998.



It should be noticed that the term "comprising", used in the claims,
should not be interpreted as being limitative to the means listed thereafter. Thus,
the scope of the expression "a device comprising means A and B" should not be
limited to devices consisting only of components A and B. It means that with
respect to the present invention, the only relevant components of the device are A
and B.

Similarly, it is to be noted that the term "coupled", also used in the
claims, should not be interpreted as being limitative to direct connections only.
Thus, the scope of the expression "a device A coupled to a device B" should not
be limited to devices or systems wherein an output of device A is directly
connected to an input of device B. It means that there exists a path between an
output of A and an input of B which may be a path including other devices or means.
BRIEF DESCRIPTION OF THE DRAWING

The above and other objects and features of the invention will become
more apparent and the invention itself will be best understood by referring to the
following description of an embodiment taken in conjunction with the
accompanying figure which illustrates a telecommunication network.

First, the working of the method of the present invention is
explained by means of a functional description of the functional blocks shown in
the figure. Based on this description, implementation of the functional blocks will
be obvious to a person skilled in the art and will therefore not be described in
further detail. In addition, the principle working of the method to provide
authorization will be described.

Referring to the figure, a telecommunication environment is shown.
The telecommunication environment comprises a certifying authority CA, a
terminal T of a user and a service provider SP.

The certifying authority CA is coupled via a telecommunication
network to the service provider SP and to the terminal T. Also the service provider
SP and the terminal T are coupled to each other via the telecommunication
network. However, in order not to overload the figure, this telecommunication
network is in the figure only shown in a simple way as inputs and outputs of the
different included elements. Furthermore, it has to be understood that it is clear
to a person skilled in the art that such a telecommunication network includes
more than one service provider SP, more than one terminal T and even might
include more than one certifying authority. Since the invention can be explained
by mentioning only the above elements, more elements are not shown in
the figure.
The certifying authority CA comprises a decider DEC and an including
means INC coupled thereto. The decider DEC is coupled between an input of
the certifying authority CA and the including means INC. The including means
INC is in its turn coupled to an output of the certifying authority CA.

The decider DEC is included to decide whether the service provider SP
is entitled to execute at least part of the global functionality GF' of the
telecommunication environment. In order to make this decision the decider DEC
makes use of predefined information. This information can be implemented by
means of a memory, e.g. a database that keeps track of the different service
providers and their allowed functionality. On the other hand, an operator of the
certifying authority CA might give an input in order to provide the predefined
information only in the event when the question arises. The decider DEC is
enabled to make decisions regarding the global functionality of the
telecommunication environment according to predefined rules and conditions.
This means that eventually, e.g. for part of the global functionality GF, the question
never arises since the involved network operator prefers to keep this part only for
its own purposes. On the other hand, the decider DEC is able to take requests of
the service providers into account. In this way the decider DEC is enabled to
make a decision only for the functionality requested by a service provider SP and
saves hereby processing time. The decider DEC provides a result of its decision
that is the allowed functionality F. The allowed functionality is provided by the
decider DEC to the including means INC.

The including means INC comprises the allowed functionality F into
the certificate CERT. According to this preferred embodiment this is realized with
three predetermined functions: enable, disable and all. The including means INC
uses these predetermined functions upon the list of global functionality GF. The
global functionality GF is organized in a hierarchical tree-like structure. The
structure comprises libraries, i.e. the branches of the tree, and functions, i.e. the
ends of the branches. The libraries and the functions are used as the arguments
of the predetermined functions. In this way, the including means INC is enabled
to comprise the result of the decider DEC in a clear and concise way into the
certificate CERT. The certificate is transmitted to the service provider SP but is
also transmitted to other locations in the network. Indeed, it has to be
explained that, as it is known to a person skilled in the art, these certificates might
be consulted on predefined public locations in the telecommunication
environment.

The service provider SP comprises a transmitter TRX. The transmitter is
coupled to an output of the service provider SP. The transmitter TRX is included
to transmit a request REQ(GF') of the service provider SP that includes a
definition of the functionality to which the service provider SP desires access.
This request REQ(GF') is transmitted to the certifying authority CA. As
it is known to a person skilled in the art, a service provider SP also receives a
response of the certifying authority CA. In the event when the service provider SP
is allowed to receive a certificate CERT, the certificate includes according to the
present invention a definition of the allowed functionality F.

The terminal T comprises a processor P. The processor is included to
verify the presence and the content of a certificate. Indeed, in the event when a
user desires to use a service SERV of the service provider SP and this service
comprises the execution of a predefined function f1, the certificate CERT will first
be checked for the authorization of this execution. Therefore the certificate
CERT is extracted from the predefined location in the network. This checking
might be performed at the moment when the service SERV is being provided but
might as well be executed in advance. Indeed, it is possible that the user used
this service SERV some time ago and that the certificate was already checked at
that time. In this way, the result might still be stored in a cache of the terminal T.
On the other hand, it might as well be the content of the certificate CERT(F) that is
stored in a cache of the terminal T, whereby the certificate CERT(F) does not need
to be extracted from a predefined location in the network anymore.

The processor P hereby provides a result OK/NOK that authorizes or
revokes, respectively, the access to the function f1 whilst the service SERV is
executed.
The following paragraph describes the principle working of the
present invention.

Presume a situation wherein the service provider SP wants to provide a
service SERV that comprises the function f1 call set-up. The service provider SP
never provided such a service SERV that includes this functionality, so the service
provider SP first has to get permission to access the call set-up function of a
terminal T. The service provider SP transmits a request REQ with its transmitter
TRX to the certifying authority CA. For this particular embodiment it is preferred
to work with a certifying authority CA that only takes into account the requested
functions. In this way the certifying authority saves processing time. Thus, the
service provider SP comprises in its request the required functionality GF', i.e. the
call set-up function f1. The certifying authority CA receives the request from the
service provider SP and decides by means of its decider DEC whether the
authorization is allowed. The decider DEC takes therefore the predefined information
INF into account. According to this predefined information INF the service
provider SP is a trustable service provider and is allowed by the decider DEC to
execute the call set-up function when providing a service SERV to a user. The
decider provides this result to the including means INC. The including means
INC comprises this result into a prepared certificate CERT for the service provider
SP. The including means INC uses the enable predetermined function in order
to provide authorization to the functionality related to the call set-up function f1.
The definition becomes: enable-library(WTAI.WTAcall-handling). The certificate
is provided by the certifying authority CA to the service provider SP and is also
distributed into the network towards a predefined location.

In the event when a user desires to make use of the service SERV of the
service provider SP, at a certain moment during execution of the different steps of
the service SERV the terminal T will be requested to execute the function f1 call
set-up. Instead of executing this functionality immediately, the terminal T
will request the existence of a certificate CERT(F) for the service provider SP.
Since the terminal can find the certificate CERT at the predefined location in the
network, the terminal T will download the certificate CERT. While the signature of the certificate
CERT is verified, the certificate will also be checked by the processor P of
the terminal T for the definitions of the allowed functionality F. Since the
certificate CERT of the service provider indeed comprises the definition of the call
set-up functionality F, the execution of the function f1 call set-up is allowed. This
result is stored in a cache of the terminal T and the terminal T proceeds with the
execution of the desired service SERV by executing the call set-up function f1.
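The exchange just described (the request REQ(GF'), the decider DEC consulting the predefined information INF, the including means INC placing F into a signed CERT, and the terminal's processor P producing OK/NOK and caching the result, as also described for the terminal above), as an added example in Go that is not part of the patent text. It assumes an Ed25519 signature over a JSON encoding of the certificate fields in place of the X.509 and WTLS encodings the page cites, a fixed key seed so that the example is deterministic, and a definition F reduced to a list of enabled library identifiers; the provider names, the library names and the function names are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Certificate models CERT: subject, serial and validity as the page lists for
// certificates, F reduced to enabled libraries, and the CA's signature over the rest.
type Certificate struct {
	Serial    uint64   `json:"serial"`
	Subject   string   `json:"subject"`
	NotAfter  int64    `json:"not_after"` // Unix seconds
	Enabled   []string `json:"enabled"`   // e.g. "WTAI.WTAcall-handling"
	Signature []byte   `json:"-"`         // excluded from the signed encoding
}

// CA is the certifying authority: key pair, serial counter and the predefined
// information INF used by the decider DEC (service provider -> trusted libraries).
type CA struct {
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
	inf    map[string][]string
	serial uint64
}

// NewCA derives the key pair from a 32-byte seed for determinism; a real CA
// draws its key from crypto/rand.
func NewCA(seed []byte, inf map[string][]string) *CA {
	priv := ed25519.NewKeyFromSeed(seed)
	return &CA{Pub: priv.Public().(ed25519.PublicKey), priv: priv, inf: inf}
}

// Issue is the decider DEC followed by the including means INC: only the
// requested functionality GF' is examined, only the part INF trusts this provider
// with becomes F, and F is placed in CERT and signed. Nothing granted: no CERT.
func (ca *CA) Issue(sp string, requested []string, ttl time.Duration) (*Certificate, error) {
	var f []string
	for _, lib := range requested {
		for _, trusted := range ca.inf[sp] {
			if lib == trusted {
				f = append(f, lib)
			}
		}
	}
	if len(f) == 0 {
		return nil, errors.New("no functionality granted: no certificate delivered")
	}
	ca.serial++
	cert := &Certificate{Serial: ca.serial, Subject: sp, NotAfter: time.Now().Add(ttl).Unix(), Enabled: f}
	msg, _ := json.Marshal(cert) // plain field types: Marshal cannot fail
	cert.Signature = ed25519.Sign(ca.priv, msg)
	return cert, nil
}

// Terminal is the processor P: it trusts one CA key and caches OK results so a
// service used before is not re-verified. The cache key hashes the whole
// certificate, signature included; keyed on the serial alone, a tampered copy
// that still carries the genuine signature would hit an earlier OK.
type Terminal struct {
	caKey ed25519.PublicKey
	cache map[string]int64 // key -> NotAfter of the certificate that gave OK
}

func NewTerminal(caKey ed25519.PublicKey) *Terminal { return &Terminal{caKey: caKey, cache: map[string]int64{}} }

// Authorize returns OK (true) only if the signature verifies, the certificate is
// unexpired at now and fn's library is enabled in F; anything else is NOK.
func (t *Terminal) Authorize(cert *Certificate, fn string, now time.Time) bool {
	msg, _ := json.Marshal(cert)
	sum := sha256.Sum256(append(msg, cert.Signature...))
	key := string(sum[:]) + fn
	if notAfter, ok := t.cache[key]; ok && now.Unix() <= notAfter {
		return true
	}
	if !ed25519.Verify(t.caKey, msg, cert.Signature) || now.Unix() > cert.NotAfter {
		return false
	}
	lib := fn[:strings.LastIndexByte(fn, '.')+1] // library prefix with its dot; "" if unqualified
	for _, e := range cert.Enabled {
		if e+"." == lib {
			t.cache[key] = cert.NotAfter
			return true
		}
	}
	return false
}

func main() {
	// Constructed INF: the operator trusts sp-1 with call handling only.
	ca := NewCA(make([]byte, ed25519.SeedSize), map[string][]string{"sp-1": {"WTAI.WTAcall-handling"}})
	if cert, err := ca.Issue("sp-1", []string{"WTAI.WTAcall-handling", "WTAI.WTAPhoneBook"}, time.Hour); err == nil {
		fmt.Println("F:", cert.Enabled, "call set-up OK:", NewTerminal(ca.Pub).Authorize(cert, "WTAI.WTAcall-handling.setup", time.Now()))
	}
}
```

Two points the description leaves implicit. The definition F is only as trustworthy as the signature that covers it, so the terminal has to verify the signature over the complete certificate before it reads F; a copy of CERT with WTAI.WTAPhoneBook appended to F fails at that step. And a cache of OK results is itself part of the access decision: here it is keyed on a hash of the whole certificate and records the certificate's expiry, so neither a modified certificate that still carries the genuine signature nor an expired one can reuse an earlier OK.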

While the principles of the invention have been described above in
connection with specific apparatus, it is to be clearly understood that this
description is made only by way of example and not as a limitation on the scope
of the invention, as defined in the appended claims.



